CVE-2026-32749
Status: Received - Intake
Path Traversal in SiYuan Import API Enables Remote Code Execution

Publication date: 2026-03-19

Last updated on: 2026-03-23

Assigner: GitHub, Inc.

Description
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory, including system paths that enable RCE. This can lead to data destruction by overwriting workspace or application files, and for Docker containers running as root (a common default), this grants full container compromise. This issue has been fixed in version 3.6.1.
Meta Information
Published: 2026-03-19
Last Modified: 2026-03-23
Generated: 2026-05-07
AI Q&A: 2026-03-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: b3log
Product: siyuan
Version / Range: to 3.6.1 (exclusive)
CWE
CWE-73: The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-32749 is a path traversal vulnerability in the SiYuan personal knowledge management system versions 3.6.0 and below. The issue occurs in the import functionality, where uploaded archive files are written to paths derived directly from the uploaded filename without proper sanitization. This allows an administrator to craft filenames containing path traversal sequences (like "../") to write files outside the intended temporary import directory.

Because the application does not validate that the resulting file path remains within the designated import directory, attackers can overwrite arbitrary files on the server, including critical system files. This flaw enables remote code execution (RCE), especially in Docker containers running as root, leading to full container compromise.

The vulnerability was fixed in version 3.6.1 by adding strict path validation to ensure that all file writes remain within the intended import directory. [1, 2]


How can this vulnerability impact me?

This vulnerability allows an administrator user to write arbitrary files to any location writable by the SiYuan process, including critical system paths.

  • Overwrite workspace or application files, leading to data destruction.
  • Write files to system directories such as /etc/cron.d/, enabling remote code execution (RCE) inside Docker containers running as root.
  • Modify user environment files like ~/.bashrc or SSH authorized_keys, potentially allowing persistent unauthorized access.

In Docker environments running SiYuan as root (a common default), exploitation leads to full container compromise.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for suspicious file uploads to the SiYuan application's import API endpoints, specifically POST /api/import/importSY and POST /api/import/importZipMd, where filenames contain path traversal sequences such as "../".

Since the vulnerability involves crafted multipart filenames allowing directory traversal, detection can involve inspecting HTTP requests to these endpoints for unusual filename patterns.

Example commands to detect potential exploitation attempts include using network traffic inspection tools like tcpdump or Wireshark to filter HTTP POST requests to the vulnerable endpoints and grep for "../" in multipart filename fields (these see only cleartext HTTP; behind a TLS-terminating reverse proxy, inspect at the proxy or in its access logs instead).

  • Using tcpdump to capture HTTP POST requests to port 6806 (default SiYuan port):
    tcpdump -A -s 0 'tcp port 6806 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'POST /api/import/importSY\|POST /api/import/importZipMd'
  • Extract and inspect multipart filenames for path traversal sequences:
    grep -a -oP 'filename=".*?\.\./.*?"' captured_http_requests.txt

Additionally, checking the filesystem for unexpected files written outside the intended import directory, especially in system paths like /etc/cron.d/, ~/.bashrc, or SSH authorized_keys, can indicate exploitation. [2]


What immediate steps should I take to mitigate this vulnerability?

The immediate and most effective mitigation is to upgrade the SiYuan application to version 3.6.1 or later, where this vulnerability has been fixed by enforcing strict path validation on imported files.

If upgrading is not immediately possible, restrict access to the vulnerable API endpoints to trusted administrators only, and monitor for suspicious file upload activity.

Running the SiYuan application with the least privileges possible, avoiding root or highly privileged users especially in Docker containers, can limit the impact of exploitation.

Implement network-level controls such as firewall rules to limit access to the import endpoints and consider disabling or restricting the import functionality if not needed.
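A worked example added here (not code from SiYuan or from the advisory) covering both the detection guidance above and the strict path validation the fix describes: it flags traversal in raw multipart filenames and shows a hardened path derivation next to the unchecked join the advisory attributes to the vulnerable versions. It assumes a hypothetical safeImportPath helper standing in for the handler's own path logic and a constructed multipart body; only the Go standard library is used.

```go
package main

import (
	"errors"
	"io"
	"mime"
	"mime/multipart"
	"path/filepath"
	"strings"
)

// Reports whether a client-controlled filename has a ".." segment (backslashes normalised).
func filenameLooksTraversal(name string) bool {
	for _, seg := range strings.Split(strings.ReplaceAll(name, `\`, "/"), "/") {
		if seg == ".." {
			return true
		}
	}
	return false
}

// Hypothetical hardened derivation (not SiYuan's code): reject bad names, then verify containment.
func safeImportPath(tmpDir, name string) (string, error) {
	if name == "" || name == "." || strings.ContainsAny(name, `/\`) || filenameLooksTraversal(name) {
		return "", errors.New("import: unsafe multipart filename")
	}
	dst := filepath.Join(tmpDir, name) // per the advisory, the pre-fix code wrote here with no check below
	if rel, err := filepath.Rel(tmpDir, dst); err != nil || rel != name {
		return "", errors.New("import: path escapes temp directory")
	}
	return dst, nil
}

// Scans a captured multipart body for traversal in filenames, reading the raw
// Content-Disposition header because Part.FileName() strips "../" via filepath.Base.
func suspiciousUploadNames(body, boundary string) (hits []string, _ error) {
	mr := multipart.NewReader(strings.NewReader(body), boundary)
	for {
		part, err := mr.NextPart()
		if err == io.EOF {
			return hits, nil
		} else if err != nil {
			return hits, err
		}
		_, params, perr := mime.ParseMediaType(part.Header.Get("Content-Disposition"))
		if perr == nil && filenameLooksTraversal(params["filename"]) {
			hits = append(hits, params["filename"])
		}
	}
}
```

Rejecting rather than silently rewriting a traversing filename is deliberate: the failed request is then visible in application logs, which is where the monitoring the mitigation section recommends would pick it up.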

